forked from baron/baron-sso
접속이력 OIDC 접속 로그 누락 수정
This commit is contained in:
@@ -4246,11 +4246,10 @@ func (h *AuthHandler) GetAuthTimeline(c *fiber.Ctx) error {
|
|||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
consent, ok := consentMap[clientID]
|
consent, ok := consentMap[clientID]
|
||||||
if !ok {
|
if ok {
|
||||||
continue
|
if !consent.ConsentAt.IsZero() && log.Timestamp.Before(consent.ConsentAt) {
|
||||||
}
|
continue
|
||||||
if !consent.ConsentAt.IsZero() && log.Timestamp.Before(consent.ConsentAt) {
|
}
|
||||||
continue
|
|
||||||
}
|
}
|
||||||
oathkeeperLogs = append(oathkeeperLogs, log)
|
oathkeeperLogs = append(oathkeeperLogs, log)
|
||||||
if len(oathkeeperLogs) >= fetchLimit {
|
if len(oathkeeperLogs) >= fetchLimit {
|
||||||
@@ -4299,36 +4298,75 @@ func (h *AuthHandler) GetAuthTimeline(c *fiber.Ctx) error {
|
|||||||
return info, true
|
return info, true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
clientCache := make(map[string]loginClientInfo)
|
||||||
|
resolveClientByID := func(cid string) (loginClientInfo, bool) {
|
||||||
|
cid = strings.TrimSpace(cid)
|
||||||
|
if cid == "" || h.Hydra == nil {
|
||||||
|
return loginClientInfo{}, false
|
||||||
|
}
|
||||||
|
if cached, ok := clientCache[cid]; ok {
|
||||||
|
return cached, cached.ClientID != ""
|
||||||
|
}
|
||||||
|
client, err := h.Hydra.GetClient(c.Context(), cid)
|
||||||
|
if err != nil || client == nil {
|
||||||
|
clientCache[cid] = loginClientInfo{}
|
||||||
|
return loginClientInfo{}, false
|
||||||
|
}
|
||||||
|
name := strings.TrimSpace(client.ClientName)
|
||||||
|
if name == "" {
|
||||||
|
name = cid
|
||||||
|
}
|
||||||
|
info := loginClientInfo{
|
||||||
|
ClientID: cid,
|
||||||
|
Name: name,
|
||||||
|
}
|
||||||
|
clientCache[cid] = info
|
||||||
|
return info, true
|
||||||
|
}
|
||||||
|
|
||||||
items := make([]authTimelineItem, 0, len(authLogs)+len(oathkeeperLogs))
|
items := make([]authTimelineItem, 0, len(authLogs)+len(oathkeeperLogs))
|
||||||
for i := range authLogs {
|
for i := range authLogs {
|
||||||
log := authLogs[i]
|
log := authLogs[i]
|
||||||
appName := "Baron 로그인"
|
appName := "Baron 로그인"
|
||||||
clientID := ""
|
clientID := ""
|
||||||
path := strings.ToLower(extractAuditPath(log))
|
path := strings.ToLower(extractAuditPath(log))
|
||||||
if strings.Contains(path, "/api/v1/auth/oidc/login/accept") {
|
|
||||||
appName = "OIDC 로그인"
|
isOidcAccept := strings.Contains(path, "/api/v1/auth/oidc/login/accept")
|
||||||
// 우선 audit details의 client 정보를 사용하고, 없으면 Hydra 조회로 보강
|
isPasswordLogin := strings.Contains(path, "/api/v1/auth/password/login")
|
||||||
if details, err := utils.ParseAuditDetails(log.Details); err == nil && details != nil {
|
|
||||||
if name, ok := details["client_name"].(string); ok && strings.TrimSpace(name) != "" {
|
// 우선 audit details의 client 정보를 사용
|
||||||
appName = strings.TrimSpace(name)
|
if details, err := utils.ParseAuditDetails(log.Details); err == nil && details != nil {
|
||||||
}
|
if cid, ok := details["client_id"].(string); ok && strings.TrimSpace(cid) != "" {
|
||||||
if cid, ok := details["client_id"].(string); ok && strings.TrimSpace(cid) != "" {
|
clientID = strings.TrimSpace(cid)
|
||||||
clientID = strings.TrimSpace(cid)
|
|
||||||
if appName == "OIDC 로그인" {
|
|
||||||
appName = clientID
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if appName == "OIDC 로그인" {
|
if name, ok := details["client_name"].(string); ok && strings.TrimSpace(name) != "" {
|
||||||
loginChallenge := extractLoginChallengeFromAuditDetails(log.Details)
|
appName = strings.TrimSpace(name)
|
||||||
if loginChallenge != "" {
|
}
|
||||||
if info, ok := resolveLoginClient(loginChallenge); ok {
|
}
|
||||||
appName = info.Name
|
|
||||||
clientID = info.ClientID
|
// 기본값이거나 클라이언트 ID인 경우 Hydra 조회로 보강
|
||||||
}
|
if appName == "Baron 로그인" || appName == "" {
|
||||||
|
if isOidcAccept {
|
||||||
|
appName = "OIDC 로그인"
|
||||||
|
}
|
||||||
|
if clientID != "" {
|
||||||
|
appName = clientID
|
||||||
|
if info, ok := resolveClientByID(clientID); ok {
|
||||||
|
appName = info.Name
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isOidcAccept || isPasswordLogin) && (appName == "OIDC 로그인" || appName == "Baron 로그인" || appName == clientID) {
|
||||||
|
loginChallenge := extractLoginChallengeFromAuditDetails(log.Details)
|
||||||
|
if loginChallenge != "" {
|
||||||
|
if info, ok := resolveLoginClient(loginChallenge); ok {
|
||||||
|
appName = info.Name
|
||||||
|
clientID = info.ClientID
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
item := authTimelineItem{
|
item := authTimelineItem{
|
||||||
EventID: log.EventID,
|
EventID: log.EventID,
|
||||||
Timestamp: log.Timestamp,
|
Timestamp: log.Timestamp,
|
||||||
@@ -4353,11 +4391,17 @@ func (h *AuthHandler) GetAuthTimeline(c *fiber.Ctx) error {
|
|||||||
if clientID == "" {
|
if clientID == "" {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
consent := consentMap[clientID]
|
|
||||||
appName := consent.Name
|
appName := clientID
|
||||||
if appName == "" {
|
if consent, ok := consentMap[clientID]; ok {
|
||||||
appName = clientID
|
appName = consent.Name
|
||||||
}
|
}
|
||||||
|
if appName == "" || appName == clientID {
|
||||||
|
if info, ok := resolveClientByID(clientID); ok {
|
||||||
|
appName = info.Name
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
details := map[string]any{
|
details := map[string]any{
|
||||||
"path": log.Path,
|
"path": log.Path,
|
||||||
"client_id": clientID,
|
"client_id": clientID,
|
||||||
|
|||||||
Reference in New Issue
Block a user